1. Technical Field
This disclosure relates generally to ensuring integrity, confidentiality and privacy of business information in an environment in which resources are hosted in a shared pool of configurable computing resources.
2. Background of the Related Art
User authentication is one function that service providers offer to ensure that users accessing resources (e.g., applications, web content, etc.) are authorized to do so. To ensure that a user is not an imposter, service providers (e.g., web servers) generally ask for a user's username and password to prove identity before authorizing access to resources. Single sign-on (SSO) is an access control mechanism which enables a user to authenticate once (e.g., provide a username and password) and gain access to software resources across multiple systems. Typically, an SSO system enables user access to resources within an enterprise or an organization. Federated Single Sign-on (F-SSO) extends the concept of single sign-on across multiple enterprises, thus establishing partnerships between different organizations and enterprises. F-SSO systems typically include application level protocols that allow one enterprise (e.g., an identity provider) to supply a user's identity and other attributes to another enterprise (e.g., a service provider).
An emerging information technology (IT) delivery model is cloud computing, by which shared resources, software and information are provided over the Internet to computers and other devices on-demand. Cloud computing can significantly reduce IT costs and complexities while improving workload optimization and service delivery. With this approach, an application instance can be hosted and made available from Internet-based resources that are accessible through a conventional Web browser over HTTP.
While cloud computing provides many advantages, data security is a major concern. In particular, companies that desire to deploy their enterprise applications within a cloud environment often maintain and manage critical business information in association with such applications. When those applications are deployed in the cloud, necessarily that critical business information is exposed to the cloud computing service provider. As a consequence, that business information is at risk because, by its very nature, a cloud computing environment places the information within the administrative control of the cloud computing service provider. While technical and legal protections may exist, the integrity, confidentiality and privacy of the business information cannot be ensured absolutely. As just one example scenario, if the cloud service provider is acquired, the enterprise business information may be exposed to third parties, even potential competitors. This is untenable.
Until cloud provider customers can be assured that they can maintain security control over their business information, they will be hesitant about deploying their business-critical applications in a cloud computing environment. The subject matter of this disclosure addresses this problem.